W32.Arpiframe

Discussion in 'NOD32 version 2 Forum' started by OzBoz, Jul 26, 2007.

Thread Status:
Not open for further replies.
  1. OzBoz

    OzBoz Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    32
    Location:
    Queensland Australia
    W32.Arpiframe found on my system this morning, using another virus checker. My system was severely affected, so it was not a false positive.

    Just thought I'd mention it here, as I can't find any reference to this worm, either here or over at Esset.

    Cheers
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please compress the file using RAR/ZIP, protect the archive with the password "infected" and submit it to samples[at]eset.com along with this thread's url in the subject.
     
  3. OzBoz

    OzBoz Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    32
    Location:
    Queensland Australia
    Unfortunately, I did not keep a quarantined copy when cleaning. My system was in such a mess, even after cleaning, only a System Restore would solve the problem.

    Cheers

    Brian
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It could have been just a false positive and the problems were actually stemming from something else. Hence we always need to get and analyse any suspicious files you might come across before you delete them.

    I have found one sample that Symantec detects as W32.Arpiframe. It's just a hack tool, not a threat if that's the same file as the one you mean.
     
  5. OzBoz

    OzBoz Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    32
    Location:
    Queensland Australia
    Ok, I'll keep that in mind for the future. It was only after checking on Symantec's site that I became aware that it was a worm that attacks HTML and browser. I was certainly experiencing problems in that line, which went away after I removed it, and repaired using a System Restore. It was certainly a nasty, and it was definitely there.

    Cheers

    Brian
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's just a command line tool, maybe other malware used to exploit it for malicious purposes.
     
Thread Status:
Not open for further replies.